diff --git a/scripts/debian12.sh b/scripts/debian12.sh
index 6eb00d5..6e9245d 100644
--- a/scripts/debian12.sh
+++ b/scripts/debian12.sh
@@ -12,6 +12,21 @@ exit 0
 EOL
 chmod +x /etc/rc.local
 
+# install the ansible user
+echo '> create ansible user ...'
+useradd -m ansible
+
+# configure ansible user
+echo '> configure ansible user ...'
+mkdir -p /home/ansible/.ssh
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn" >> /home/ansible/.ssh/authorized_keys
+chmod 700 /home/ansible/.ssh
+chmod 600 /home/ansible/.ssh/authorized_keys
+chown -R ansible:ansible /home/ansible
+
+# configure sudo for ansible
+echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
+
 # cleaning logs
 echo '> cleaning logs ...'
 rm -rf /var/log/*
@@ -46,25 +61,6 @@ truncate -s 0 /etc/machine-id
 rm /var/lib/dbus/machine-id
 ln -s /etc/machine-id /var/lib/dbus/machine-id
 
-# install the ansible user
-echo '> create ansible user ...'
-useradd -m ansible
-
-# configure ansible user
-echo '> configure ansible user ...'
-mkdir -p /home/ansible/.ssh
-echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn" >> /home/ansible/.ssh/authorized_keys
-chmod 700 /home/ansible/.ssh
-chmod 600 /home/ansible/.ssh/authorized_keys
-chown -R ansible:ansible /home/ansible
-
-# configure sudo for ansible
-echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
-
-# zero fill the disk
-echo '> zero fill disk ...'
-cat /dev/zero > /zero.file | exit 0 && sync && rm -f /zero.file
-
 # disable root login over ssh
 sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
 
diff --git a/scripts/ubuntu24.sh b/scripts/ubuntu24.sh
index 7005f79..eb7374c 100644
--- a/scripts/ubuntu24.sh
+++ b/scripts/ubuntu24.sh
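Review bot: In the first hunk of scripts/debian12.sh, `/etc/sudoers.d/ansible` is created with a `>>` redirect, so its mode comes from the umask and its syntax is never checked, although it grants `NOPASSWD: ALL`. I would write it with `>` and follow it with `chmod 0440 /etc/sudoers.d/ansible` and `visudo -cf /etc/sudoers.d/ansible`, so a re-run cannot duplicate the rule and a malformed drop-in fails the build instead of shipping in the template. The hard-coded ed25519 key appended to `authorized_keys` then becomes a root-equivalent credential on every machine cloned from this image; a comment such as `# key owner: <team>; rotating it requires rebuilding the template` would make that explicit, and supplying the key at build time would avoid pinning it in the repository. The same lines are added in the first hunk of scripts/ubuntu24.sh.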
@@ -19,6 +19,20 @@ sudo -u root chmod +x /etc/rc.local
 echo '> grow disk ...'
 sudo -u root lvresize --resizefs -l+100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
 
+# install the ansible user
+echo '> create ansible user ...'
+sudo -u root useradd -m ansible
+
+# configure ansible user
+sudo -u root mkdir -p /home/ansible/.ssh
+sudo -u root bash -c "echo \"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn\" >> /home/ansible/.ssh/authorized_keys"
+sudo -u root chmod 700 /home/ansible/.ssh
+sudo -u root chmod 600 /home/ansible/.ssh/authorized_keys
+sudo -u root chown -R ansible:ansible /home/ansible
+
+# configure sudo for ansible
+sudo -u root bash -c "echo \"ansible ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers.d/ansible"
+
 # cloud-init cleanup
 while [ ! -f /var/lib/cloud/instance/boot-finished ]; do
 echo '> Waiting for cloud-init ...';
@@ -68,24 +82,6 @@ history -cw
 echo > ~/.bash_history
 sudo -u root rm -fr /root/.bash_history
 
-# install the ansible user
-echo '> create ansible user ...'
-sudo -u root useradd -m ansible
-
-# configure ansible user
-sudo -u root mkdir -p /home/ansible/.ssh
-sudo -u root bash -c "echo \"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9H3XK4IaK2pd8xegsbCm0at70kCi33vYkHDccV3Iyn\" >> /home/ansible/.ssh/authorized_keys"
-sudo -u root chmod 700 /home/ansible/.ssh
-sudo -u root chmod 600 /home/ansible/.ssh/authorized_keys
-sudo -u root chown -R ansible:ansible /home/ansible
-
-# configure sudo for ansible
-sudo -u root bash -c "echo \"ansible ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers.d/ansible"
-
-# zero fill the disk
-echo '> zero fill disk ...'
-sudo -u root bash -c "cat /dev/zero > /zero.file | exit 0 && sync && rm -f /zero.file"
-
 # all done
 echo '> done.'
 echo '> packer template build -- complete'
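Review bot: The added block in the first hunk of scripts/ubuntu24.sh routes both file writes through `sudo -u root bash -c "echo \"…\" >> …"`, which needs nested escaped quotes and a second shell, and is easy to break when the key or rule text is edited. `printf '%s\n' 'ansible ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/ansible >/dev/null` writes the same rule without the inner shell (note that it truncates rather than appends). `sudo install -d -m 700 /home/ansible/.ssh` would likewise replace the separate mkdir and chmod for the directory. Unlike debian12.sh, this block also has no `echo '> configure ansible user ...'` progress line, so the two scripts log differently.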